NEWS:
Is mandatory password expiration helping or hurting your password security?
For decades cybersecurity professionals held tight to the idea that passwords needed to be changed on a regular basis. In recent years, however, organizations such as NIST and Microsoft have abandoned this longstanding best practice and are now recommending against mandatory password expiration. Microsoft lists two main reasons why scheduled password expirations should be avoided.
Hackers Have It Out for Microsoft Email Defenses
Increasingly, cyberattackers are laser-focused on crafting attacks that are specialized to bypass Microsoft’s default security, researchers say — which is going to require a shift in defense posture for organizations going forward. “Many hackers think of email and Microsoft 365 as their initial points of compromise, [so they] will test and verify that they are able to bypass Microsoft’s default security,” according to a new report from Avanan that flags an uptick in its customer telemetry of malicious emails landing in Microsoft-protected email boxes.
https://www.darkreading.com/remote-workforce/hackers-have-it-out-for-microsoft-email-defenses
Back to Basics: Cybersecurity’s Weakest Link
A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you’re often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver bullet for all your cybersecurity problems? No. There’s no easy, technology-driven fix for what is really cybersecurity’s biggest challenge: the actions of human beings.
https://thehackernews.com/2022/10/back-to-basics-cybersecuritys-weakest.html
Netwalker ransomware affiliate sentenced to 20 years in prison
Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and ordered to forfeit $21.5 million for his attacks on a Tampa company and other entities. Vachon-Desjardins, a 34-year-old Canadian man extradited from Quebec, was sentenced today in a Florida court after pleading guilty to ‘Conspiracy to Commit Computer Fraud’, ‘Conspiracy to Commit Wire Fraud’, ‘Intentional Damage to Protected Computer,’ and ‘Transmitting a Demand in Relation to Damaging a Protected Computer.’
Numerous orgs hacked after installing weaponized open source apps
PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording all targeted. Hackers backed by the North Korean government are weaponizing well-known pieces of open source software in an ongoing campaign that has already succeeded in compromising “numerous” organizations in the media, defense and aerospace, and IT services industries, Microsoft said on Thursday. ZINC—Microsoft’s name for a threat actor group also called Lazarus, which is best known for conducting the devastating 2014 compromise of Sony Pictures Entertainment—has been lacing PuTTY and other legitimate open source applications with highly encrypted code that ultimately installs espionage malware. The hackers then pose as job recruiters and connect with individuals at targeted organizations over LinkedIn. After developing a level of trust over a series of conversations and eventually moving them to the WhatsApp messenger, the hackers instruct the individuals to install the trojanized apps, which infect the employees’ work environments.
INCIDENTS:
Russian Hackers Shut Down US State Government Websites
A hacktivist group with ties to the Russian government has claimed credit for cyberattacks on the government websites of three US states: Colorado, Kentucky, and Mississippi. The sites for Mississippi and Kentucky were functioning Thursday, following the Russian cyberattacks, while the Colorado State Official Web Portal was displaying a message that the “homepage is currently offline,” earlier in the day. By Thursday afternoon, the homepage appeared back online.
https://www.darkreading.com/attacks-breaches/russian-hackers-shut-down-state-government-sites
BlackCat ransomware gang claims to have hacked US defense contractor NJVC
The ALPHV/BlackCat ransomware gang claims to have breached another US defense contractor, the IT firm NJVC, which supports the federal government and the United States Department of Defense. The breach has not been confirmed by the company. NJVC supports intelligence, defense, and geospatial organizations and has more than 1,200 employees in locations worldwide.
Ransomware gang leaks data stolen from LAUSD school system
The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month. LAUSD superintendent Alberto M. Carvalho confirmed the release of stolen data in a statement posted to Twitter, along with announcing a new hotline launching tomorrow morning at 855-926-1129 for concerned parents and students to ask questions about the data leak. “Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release,” tweeted Carvalho.
MALWARE:
Hundreds of Microsoft SQL servers backdoored with new malware
Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world. Maggie is controlled through SQL queries that instruct it to run commands and interact with files. Its capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers and doubling as a bridgehead into the server’s network environment. The backdoor was discovered by German analysts Johann Aydinbas and Axel Wauer of DCSO CyTec. Telemetry data shows that Maggie is most prevalent in South Korea, India, Vietnam, China, Russia, Thailand, Germany, and the United States.
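The brute-forcing described above is visible on the servers being attacked, not just on the infected one: SQL Server writes each failed login to its ERRORLOG as event 18456 with the user name, the reason, and the client address, and failed-login auditing is on by default. The following Python is an added example (not DCSO's tooling or anything from the Maggie report) that parses such lines and flags any client/user pair exceeding a threshold of failures inside a sliding window. The log excerpt is constructed to match the real ERRORLOG format; the addresses, timestamps and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SQL Server ERRORLOG excerpt (not real telemetry). Error 18456 is the
# engine's "login failed" event; the Reason and [CLIENT: ...] fields follow the real layout.
SAMPLE_LOG = """\
2022-10-05 10:12:01.11 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:01.11 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2022-10-05 10:12:04.20 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:04.20 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2022-10-05 10:12:07.35 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:07.35 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2022-10-05 10:12:09.02 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:09.02 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.9]
2022-10-05 10:12:10.02 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:10.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2022-10-05 10:12:13.44 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:13.44 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2022-10-05 10:12:16.90 Logon       Error: 18456, Severity: 14, State: 8.
2022-10-05 10:12:16.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
"""

# Only the "Login failed for user" line carries the user and client; the preceding
# "Error: 18456" line is deliberately ignored.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failures(text):
    """Return a list of (timestamp, user, client) for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = LOGIN_FAILED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m["user"], m["client"]))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Map (client, user) -> peak number of failures seen inside any `window`
    for sources that reach `threshold`. Threshold and window are assumed values;
    tune them to the server's normal failure rate."""
    by_source = defaultdict(list)
    for ts, user, client in sorted(events):
        by_source[(client, user)].append(ts)

    hits = {}
    for key, times in by_source.items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits inside `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


if __name__ == "__main__":
    for (client, user), count in find_bruteforce(parse_failures(SAMPLE_LOG)).items():
        print(f"possible brute force: {count} failures for '{user}' from {client}")
```

The single 'appuser' failure from 10.0.0.9 is below the threshold and is not reported; six 'sa' failures from 10.0.0.5 in sixteen seconds are. In a real deployment the same logic runs over `xp_readerrorlog` output or forwarded ERRORLOG files, and a hit from a host that is itself a SQL Server is exactly the lateral-movement pattern described above.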
Avast releases free decryptor for MafiaWare666 ransomware variants
Avast has released a decryptor for variants of the MafiaWare666 ransomware known as ‘Jcrypt’, ‘RIP Lmao’, and ‘BrutusptCrypt,’ allowing victims to recover their files for free. The security company says it discovered a flaw in the encryption scheme of the MafiaWare666 strain, allowing some of the variants to be unlocked. However, this may not apply to newer or unknown samples that use a different encryption system.
https://decoded.avast.io/threatresearch/decrypted-mafiaware666-ransomware/
VULNERABILITIES:
Details Released for Recently Patched macOS Archive Utility Vulnerability
Security researchers have shared details about a now-addressed security flaw in Apple’s macOS operating system that could be potentially exploited to run malicious applications in a manner that can bypass Apple’s security measures. The vulnerability, tracked as CVE-2022-32910, is rooted in the built-in Archive Utility and “could lead to the execution of an unsigned and unnotarized application without displaying security prompts to the user, by using a specially crafted archive,” Apple device management firm Jamf said in an analysis.
https://thehackernews.com/2022/10/details-released-for-recently-patched.html
Microsoft Updates Mitigation for Exchange Server Zero-Days
Microsoft today updated its mitigation measures for two recently disclosed and actively exploited zero-day vulnerabilities in its Exchange Server technology after researchers found its initial guidance could be easily bypassed. Microsoft’s original mitigation for the two vulnerabilities — CVE-2022-41040 and CVE-2022-41082 — was to apply a blocking rule to a specific URL path using the URL Rewrite Module on IIS Server. According to the company, adding the string “.*autodiscover\.json.*\@.*Powershell.*” would help block known attack patterns against the vulnerabilities.
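The weakness of the first rule is a general one: a block-list regex is only as good as the canonicalisation applied before it. The pattern quoted above contains a literal `\@` and, as originally published, was matched against the raw request URI, so a percent-encoded variant of the same path does not match. Microsoft's revised guidance dropped the `@` and matched against the URL-decoded URI. The Python below is an added example (not Microsoft's or IIS's code) that models both rules side by side; the hardened pattern is modelled on the revised guidance and should be checked against the current advisory, and the request URIs are constructed variants of the shape already quoted above, not captured traffic.

```python
import re
from urllib.parse import unquote

# Microsoft's first published pattern (quoted above), matched against the raw REQUEST_URI.
ORIGINAL_PATTERN = r".*autodiscover\.json.*\@.*Powershell.*"

# Hardened form: no literal '@', and matched only after URL-decoding the URI.
# Modelled on Microsoft's revised rule; treat as illustrative and verify against the advisory.
HARDENED_PATTERN = r".*autodiscover\.json.*Powershell.*"

# IIS URL Rewrite conditions are case-insensitive by default; mirror that here.
_ORIGINAL = re.compile(ORIGINAL_PATTERN, re.IGNORECASE)
_HARDENED = re.compile(HARDENED_PATTERN, re.IGNORECASE)


def blocked_original(uri: str) -> bool:
    """First rule: regex over the raw (still percent-encoded) request URI."""
    return _ORIGINAL.search(uri) is not None


def blocked_hardened(uri: str) -> bool:
    """Revised rule: decode first, then match, with no dependency on a literal '@'."""
    return _HARDENED.search(unquote(uri)) is not None


# Constructed request URIs (assumptions, not observed exploit traffic). Each line keeps the
# same path shape and changes only the encoding of single characters.
SAMPLES = [
    "/autodiscover/autodiscover.json?@example.com/powershell/",     # plain form
    "/autodiscover/autodiscover.json?%40example.com/powershell/",   # '@' as %40
    "/autodiscover/autodiscover%2ejson?@example.com/powershell/",   # '.' as %2e
    "/owa/auth/logon.aspx",                                          # benign
]


def compare(uris=SAMPLES):
    """Return [(uri, blocked_by_original, blocked_by_hardened), ...]."""
    return [(u, blocked_original(u), blocked_hardened(u)) for u in uris]


if __name__ == "__main__":
    for uri, orig, hard in compare():
        print(f"{'BLOCK' if orig else 'pass ':5} {'BLOCK' if hard else 'pass ':5} {uri}")
```

Only the first sample is stopped by the original rule; the two encoded variants pass it and are caught by the hardened one, while the benign URI passes both. The lesson applies to any rewrite or WAF rule: decode and normalise the input before matching, and do not anchor a block-list on a single punctuation character an attacker can encode. Rules like these are a stopgap until the vendor fix is applied.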
Cyber4Dev collates data from Open-Source websites, any opinions or attributions expressed in the articles are not those of Cyber4Dev and are not endorsed by the project or the EU.